Secure Authentication

The general authentication process at POLYAS
When logging into the online voting system, the access data of eligible voters is converted into a token (digital key) which is not visible to the voter. This token anonymises the identity of the voter and authenticates their right to vote in the election. Once voting has taken place the token in the validator is marked as 'invalid' so that the key cannot be reused.

Authentication via the PIN/TAN procedure

Authentication with POLYAS happens by default when the voter enters their voter ID and the corresponding password:

The voter ID is a person-specific feature, e.g. a staff or student number, date of birth or the email address of the voter.

The one- time password is generated by our system through specific security algorithms.

The electoral roll registers the request and asks the validator for the token (security key) of the voter when it has recognised the voter's ID. The validator then checks whether the access data as a voting entity exists in its database and then sends the token to the electoral roll which in turn passes this to the voters.

Only with the correct combination of both pieces of access data will the voter be admitted to the voting system

Only when all internal checking processes have been successfully completed will the voter be forwarded to the ballot. Voting then takes place on the basis of the token. The credentials entered were used for registration purposes only and will not be disclosed. When storing the completed ballot in the ballot box the token is not stored. Thus, the completed ballot cannot be clearly assigned to one person, and the secrecy of the ballot is maintained.

The system architecture prevents tampering

The POLYAS online voting system runs on multiple sub-systems that are located on different servers, each of which only store and process parts of the election data. An intermediate validator checks all intermediate steps of the vote and ensures a smooth election process.

The electoral roll and the validator each know only part of the voter's data and notify each other whether they are both familiar with the data. The token will only be created if both systems determine that the data is valid. The token allows voters to be anonymously forwarded to the ballot box where they can vote. This process therefore makes it impossible for additional voters to be added to the electoral roll once the election has begun, and also prevents unauthorised voters from participating or eligible voters from voting more than once.

The vote itself is securely encrypted using the HTTPS protocol and cannot be read by third parties.

POLYAS Tip: The safety of this authentication method can be further enhanced through a separate means of distributing (by mail or SMS) voters' passwords. This makes it even harder for any manipulators to gain access to both pieces of data simultaneously. Contact us for a legally non-binding offer

Other authentication methods

Other authentication methods at POLYAS are also available upon request, e.g. LDAP and the digital identity card. Request a free quote!

If you have activated the digital functions of the identity card it can be read by a digital scanner. The stored personal data then serves as the registration for the online voting system without requiring the user to enter the indicators themselves. This facilitates the registration process for the voter while maintaining security. Once again the POLYAS electoral system encrypts the data and carries out the vote by using a token.